Risk Management

Risk Management at Wipro is an enterprise wide function backed by a qualified team of specialists with deep industry experience who develop frameworks and methodologies for assessing and mitigating risks. Enterprise Risk Management (ERM) works in close co-ordination with Business teams, Legal, Finance, Human Resources, Quality, office of the CIO, Delivery, Internal Audit and other Functional teams.

Enterprise Risk Management (ERM) enables and supports business objectives through risk-intelligent assessment and mitigation mechanisms while providing reassurance to all stake holders including Customers, Shareholders and Employees. This is done by identifying, assessing and mitigating risks within key business and functional processes through a collaborative approach. As part of this, the leveraging of technology and tools for continuous monitoring and reporting of risks is crucial.

ERM Framework

The risk landscape in the current business environment is changing dynamically with the dimensions of Cyber security, Information Security & Business Continuity, Data Privacy and Large Deal Execution figuring prominently in the risk charts of most organizations. To effectively mitigate these risks, we have deployed a risk management framework which helps proactively identify, prioritize and mitigate risks. The framework is based on principles laid out in the four globally recognized standards.

Elaborate program has been rolled out in the past years to assess and mitigate the risks on account of intellectual property both customer and Wipro owned. The same assist in identification, monitoring and creating awareness across the teams. The program has also been enhanced to address risks arising out of access provided to social media & collaboration platforms.

Data Privacy regulations relating to personal and health information dealt with both by and on behalf of Wipro increases the risk of non-compliance.

Data Privacy programs have been augmented by the creation of a dedicated Data Privacy team with specific emphasis to revalidate all existing frameworks, policies and processes that can be leveraged across by the respective teams, covering all applicable geographies and areas of operations.

Regulatory Compliances covering various federal, state, local and foreign laws relating to various aspects of the business operations are complex and non-compliances can result in substantial fines, sanctions etc.

A program on statutory compliance is in place with the objective to track all applicable regulations, obligation arising out the same and corresponding actions items that requires to be adhered to ensure compliance along with necessary workflows enabled. The program is monitored for compliances and regularly reviewed to ensure compliances are in place. Additional programs exist to cover specific regulations relating to immigration, anti-bribery etc.

Risk Management framework has been deployed for large value deals to assess solution fitness, credit risks, financial risks, technology risks among other risk factors. Additionally contract compliance programs are in place with regular reviews, early warning systems as well as customer satisfaction surveys to assess the effectiveness of the service delivery risks and preempt any risks arising from the same.

Functional & Operational risks arising out of various operational processes

Appropriate risk and control matrix have been designed for all critical business processes and both design and effectiveness tested under the SOX & Internal Financial Control Programs.

Risk Governance

The Board Committee on Audit, Risk and Compliance consisting of non-executive independent directors has the responsibility of periodically reviewing the company’s policies for risk assessment and risk management and assess the steps taken to control such risks. The committee also reviews and approves the Strategic and Operating Plan of Enterprise Risk Management function of the Company. Concomitantly, the internal Audit function at Wipro also plays a key role in identifying and highlighting potential risks to Board Committee. High risks including concerns related to Ombudsprocess, sexual harassment prevention and critical security incidents are tracked and reviewed periodically. They are reported to the Audit committee of the board every quarter. Customer related issues and key employee engagement developments are also reviewed by the board.